CREATE IDENT

Creates a GROUP, OS_USER, PROGRAM or USER (authorization-identity) ident.

where schema-clause is:

Usage

Embedded/Interactive/ODBC/JDBC.

Description

A new ident is created. If the ident is a USER, OS_USER or PROGRAM ident, a schema with the same name as the ident can also be created. A schema is created by default and when WITH SCHEMA is explicitly specified.

If the ident is a USER or PROGRAM ident, a password must be specified.

If the ident is an OS_USER, a password can be optionally specified.

USER idents are authorized to access a Mimer SQL database by using the CONNECT statement. In interactive contexts, e.g. when Mimer BSQL is started, a USER ident is used to log in.

OS_USER idents are a special type of USER ident which can be used to connect or log in a more automatic way. Once the connection has been established, an OS_USER ident will access the database as a USER ident.

If the CONNECT statement is used without specifying an ident name (or if <return> is pressed at the username prompt when logging into Mimer BSQL), the connect attempt uses the name of the operating system user id. In this case, the connection process will automatically attempt to use an OS_USER ident with that name. If an OS_USER ident exists in the database with that name, a connection is established without any password verification.

The same is true if the ident name specified in the CONNECT statement (or at the user name prompt in BSQL) is the same as the name of the current operating system user id and an OS_USER ident exists in the database with that name.

If an OS_USER ident is created with a password, it can be used as if it were a USER ident in situations where the operating system user id does not match the OS_USER ident name.

PROGRAM idents cannot be used to connect to a database. After a connection has been established (by using a USER or OS_USER ident), the ENTER statement can used to make a PROGRAM ident the current ident. The access rights to the database defined for the PROGRAM ident will thus come into effect.

The ident executing the ENTER statement must have EXECUTE privilege on the PROGRAM ident (the ENTER statement can be executed by a PROGRAM ident).

The ident that executed the ENTER statement will become the current ident again after the LEAVE statement has been executed.

GROUP idents cannot be used to connect to a database. They are used to implement collective authorization of access rights to the database. Other idents become members of a GROUP ident when MEMBER privilege on the GROUP ident is granted to them.

While an ident is a member of a GROUP ident, that ident is effectively granted the privileges held by the GROUP ident.

Restrictions

The ident must not have the same name as an ident that already exists in the database.

Notes

All letters in OS_USER names are treated as uppercase in Mimer SQL, regardless of operating system conventions. See SQL Identifiers for more information on naming objects.

The creator of a GROUP ident is automatically granted MEMBER privilege on it, with the WITH GRANT OPTION.

The creator of a PROGRAM ident is automatically granted EXECUTE privilege on it, with the WITH GRANT OPTION.

Ident passwords must be at least 1 and at most 18 characters long and may contain any characters except space. The case of alphabetic characters is significant. The password string must be enclosed in string delimiters, which are not stored as part of the password.

An ident who is authorized to created new idents (by having IDENT privilege) can also create new schemas.